hello there, pretty new to Cerbos and I have had some fun using it lately. I was having some questions that i dont seem to find an answer to. I am using a .NET client as a consumer for the cerbos PDP. I managed to use some reflection to be able to create my CheckRequests automatically whenever I want to check the rights for a specific resource or many. So each Entity in C# has a smaller subset of their properties as a DTO that will be sent towards the PDP. Now every time I want to change the policies to add some new attribute I have to also keep in mind the DTO that I am using to generate the request. Here comes the question: Is there a plan to create something that would generate JSON Schemas for such files and maybe vice-versa? Could be something like:

cerbosctl gen-schema --type=csharp --source="/Dto" --dest="/cerbos/_schema"
cerbosctl gen-dto --type=csharp --source="/cerbos/_schema" --dest="/Dto"

Or even just based on the resource_policy to create the resource schematic? Thank you!

Hey, is your question about generating/updating the schemas by inspecting the policies? The way Cerbos operates right now is by treating the schemas as authoritative because they could come from a central location that's external to the Cerbos PDP (such as a schema registry). If they are local to the Cerbos policy repo, it's certainly an interesting idea to provide some tooling to go from policy to schema. In fact, we've considered something similar in the past. The biggest problem with going from policy to schema is that determining the types of attributes from policy rules is not always possible because they are dynamically typed by the evaluator. The other issue is that we have to make certain assumptions like "all new attributes are required", which may or may not be the outcome you want. So, policy-to-schema generation is probably still going to require quite a bit of manual intervention to get right. We weren't convinced that it was a significant time saver. Your project sounds interesting. If you have an open source tool or library that makes working with Cerbos easier, we'll be happy to link to it from the relevant places so that others could benefit from your work too.

I see i didnt take that in consideration. So it is not possible to generate from the policies (which makes sense now that you are saying it out loud). I am thinking to do something using another JSON Schematic generator to generate the schematics based on some .cs classes and store them into the pdp. The more interesting approach would be to have a service that loads the schema for a specific resource. That schematic would then be used to parse our object to the right payload towards PDP. Thanks for your time and the quick answer, if I have the time to create something along those lines, I will make sure to let you know.